httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: Question on apache subprequest
Date Mon, 27 Nov 2006 10:42:05 GMT
On Mon, 27 Nov 2006 15:22:59 +0530
"Vedavyas Raichur" <> wrote:

> Hi all,
>      I have a problem with my authentication handler. When the
> authentication succeeds i create a new key and pass it off as cookie
> to the client. But it seems the key is getting created twice as the
> hook is invoked twice.

Is that a problem?  Is your cookie reaching the client twice?

> I just got around this by using ap_is_initial_request(), but is it
> appropriate or safe to skip the  authentication for a subrequest?

Careful with your terminology there.  It's more likely an internal
redirect than a subrequest.  An internal redirect is what you get
for example when mod_dir maps "/" to "/index.html".

So to answer your question: no it's not safe to authenticate
only if ap_is_initial_request.  An internal redirect may happen
before the authentication phase, for example when you use the
Alias directive.

What you can do when ap_isn't_initial_request is check the r->user
field in the parent request or previous request (depending on
whether it's a subreq or internal redirect).  That'll be set if
authentication already happened.

Nick Kew

Application Development with Apache - the Apache Modules Book

View raw message